Can't run the regedit, task mngr etc..

Discussion in 'adware, spyware & hijack cleaning' started by Jlavis, Jun 29, 2004.

Thread Status:
Not open for further replies.
  1. Jlavis

    Jlavis Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    3
    I've followed the previous instructions on other posts and have pasted the log from the Hijackthis program (BTW, I used the Spybot S&D)
    My PC is pretty messed up, I usually work with MACs and have no problems like this.
    If someone can help me I'd be much appreciated.
    Fred, from Argentina...


    Logfile of HijackThis v1.97.7
    Scan saved at 5:54:56 PM, on 6/29/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\MSCONFIG35.EXE
    C:\WINDOWS\sysupd.exe
    C:\WINDOWS\System32\wuamgrd.exe
    C:\WINDOWS\System32\wmmiexe.exe
    C:\WINDOWS\System32\lserv.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\wmmiexe.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Fede\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
    F1 - win.ini: run=C:\WINDOWS\services\services\win9x.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ZGNUBIPWD] C:\WINDOWS\ZGNUBIPWD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinLogon] winlogonb.exe
    O4 - HKLM\..\Run: [TBIP] C:\WINDOWS\TBIP.exe
    O4 - HKLM\..\Run: [MSConfig] MSCONFIG35.EXE
    O4 - HKLM\..\Run: [SERVICES32] c:\windows\services\services\win9x.exe
    O4 - HKLM\..\Run: [VnCplUpdate] "C:\Program Files\Common Files\MSDM\msdm.exe"
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
    O4 - HKLM\..\RunServices: [WinLogon] winlogonb.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\RunServices: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKCU\..\Run: [Microsoft Office] lserv.exe
    O4 - HKCU\..\RunOnce: [MSConfig] MSCONFIG35.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: WinZip Quick Pick.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Crear un favorito móvil (HKLM)
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.9.cab
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Well, I guess that's what happens if you're not running an antivirus...

    First, run an online virus scan at Panda Active Scan

    When done, restart your computer, then post a fresh log.
     
  3. Jlavis

    Jlavis Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    3
    what about now?
    Is there anything to be changed to imporove my system?
    Also which firewall would you recommend for me to use which uses relatively low memory ? ( < 3000k )
    thanks,

    Logfile of HijackThis v1.97.7
    Scan saved at 4:22:47 AM, on 6/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\sysupd.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Fede\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
    F1 - win.ini: run=C:\WINDOWS\services\services\win9x.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinLogon] winlogonb.exe
    O4 - HKLM\..\Run: [TBIP] C:\WINDOWS\TBIP.exe
    O4 - HKLM\..\Run: [VnCplUpdate] "C:\Program Files\Common Files\MSDM\msdm.exe"
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
    O4 - HKLM\..\RunServices: [WinLogon] winlogonb.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\RunServices: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKCU\..\Run: [Microsoft Office] lserv.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: WinZip Quick Pick.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Crear un favorito móvil (HKLM)
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.9.cab
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    You still have a fair number of issues left.

    Check, and have Hijack This fix ALL of the following items:

    F1 - win.ini: run=C:\WINDOWS\services\services\win9x.exe

    O4 - HKLM\..\Run: [WinLogon] winlogonb.exe
    O4 - HKLM\..\Run: [TBIP] C:\WINDOWS\TBIP.exe
    O4 - HKLM\..\Run: [VnCplUpdate] "C:\Program Files\Common Files\MSDM\msdm.exe"
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
    O4 - HKLM\..\RunServices: [WinLogon] winlogonb.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\RunServices: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
    O4 - HKCU\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKCU\..\Run: [Microsoft Office] lserv.exe

    O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.9.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/tr...oaderSigned.cab


    Now start your computer in Safe Mode, and delete the C:\WINDOWS\sysupd.exe file.

    You want to install a decent antivirus, as well as a good firewall.

    Have a look here for some pointers:

    http://www.wilders.org/anti_viruses.htm
    http://www.wilders.org/firewalls.htm

    I can recommend Look n Stop as a firewall; it has a very small 'footprint'. There's a review of the application at the "Firewalls" web page I linked to.
     
  5. Jlavis

    Jlavis Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    3
    I've done that and everything seems to be working fine now.. THANKS!

    By the way, I have a linksys router, does that work as a Firewall?
     
Thread Status:
Not open for further replies.